Deprecated Host Intrusion Prevention Signatures are still listed in custom IPS Rules policies
技術的な記事 ID:
KB90602
最終更新: 5/18/2018
最終更新: 5/18/2018
Deprecated Host Intrusion Prevention Signatures are still listed in custom IPS Rules policies
技術的な記事 ID:
KB90602
最終更新: 5/18/2018 環境
McAfee Host Intrusion Prevention (Host IPS) 8.0
問題
The monthly Exploit Prevention Content states that an IPS Signature has been deprecated (removed), yet the IPS Signature number still exists in the IPS Rules policy Signatures menu on the ePolicy Orchestrator server. The deprecated Signatures do not display in the McAfee Default IPS Rules policy. Example: Exploit Prevention Content 8381 - May 2018 Signature 6079 has been deprecated and replaced. https://www.mcafee.com/us/content-release-notes/exploit-prevention/index.aspx Signature 6079: Suspicious LSASS Access Detected Description: - The Signature has been deprecated from the content as it is more generic and false prone. Note: This Signature functionality has been replaced by the below Signatures released along with this content. Customers are requested to change the level / reaction-type of below Signatures based on their requirement. • Signature 6116: Mimikatz LSASS Suspicious Memory Read • Signature 6117: Mimikatz LSASS Suspicious Memory DMP Read 解決策
The deprecated IPS Signature still displays in the IPS Rules policy because the Signature configuration was changed from the McAfee default state (for example, Severity level, Client rules, or Log status has been changed previously). To resolve this issue:
影響を受ける製品言語:技術用語集 |
|